Merge pull request #689 from github/aeisenberg/update-permissions

Updates the permissions block to be minimal
Andrew Eisenberg 2021-08-09 15:12:02 -07:00 committed by GitHub
commit 07fa17da87
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 5 deletions


@ -17,8 +17,6 @@ jobs:
versions: ${{ steps.compare.outputs.versions }} versions: ${{ steps.compare.outputs.versions }}
permissions: permissions:
actions: read
contents: read
security-events: write security-events: write
steps: steps:
@ -68,8 +66,6 @@ jobs:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
permissions: permissions:
actions: read
contents: read
security-events: write security-events: write
steps: steps:
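Review bot: The trimmed `permissions:` blocks in both hunks of this file give no hint of why `actions: read` and `contents: read` could be dropped, and once a `permissions:` key is present every scope not listed is set to `none`. The README sample added in this same commit marks those two scopes as required only in private repositories, so these jobs presumably rely on the repository being public; a private fork or mirror running them would likely fail at checkout or when the action reads workflow run data. I would record that above `security-events: write` in each block, e.g. `# actions: read / contents: read omitted on purpose; only needed in private repositories (see README)`. Both job definitions start and end outside the hunks shown, so any step that needs a wider token scope could not be checked from here.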


@ -2,7 +2,7 @@
## [UNRELEASED] ## [UNRELEASED]
No user facing changes. - Update README to include a sample permissions block. [#689](https://github.com/github/codeql-action/pull/689)
## 1.0.11 - 09 Aug 2021 ## 1.0.11 - 09 Aug 2021


@ -42,6 +42,14 @@ jobs:
# CodeQL runs on ubuntu-latest, windows-latest, and macos-latest # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v2